Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14251 | 1 Temenos | 1 T24 | 2019-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters. | |||||
| CVE-2010-1848 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | |||||
| CVE-2019-3943 | 1 Mikrotik | 1 Routeros | 2019-12-17 | 7.5 HIGH | 8.1 HIGH |
| MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). | |||||
| CVE-2019-19683 | 1 Nopcommerce | 1 Nopcommerce | 2019-12-17 | 9.0 HIGH | 9.1 CRITICAL |
| RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | |||||
| CVE-2015-5322 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. | |||||
| CVE-2019-18253 | 1 Abb | 2 Relion 670, Relion 670 Firmware | 2019-12-17 | 7.5 HIGH | 10.0 CRITICAL |
| An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | |||||
| CVE-2019-19372 | 1 Rconfig | 1 Rconfig | 2019-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit." | |||||
| CVE-2019-19229 | 1 Fronius | 132 Datamanager Box 2.0, Datamanager Box 2.0 Firmware, Eco 25.0-3-s and 129 more | 2019-12-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. | |||||
| CVE-2019-15931 | 1 Intesync | 1 Solismed | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. | |||||
| CVE-2014-9356 | 1 Docker | 1 Docker | 2019-12-11 | 8.5 HIGH | 8.6 HIGH |
| Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | |||||
| CVE-2019-19458 | 1 Saltosystem | 1 Proaccess Space | 2019-12-10 | 5.0 MEDIUM | 8.6 HIGH |
| SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | |||||
| CVE-2019-18922 | 1 Alliedtelesis | 2 At-gs950/8, At-gs950/8 Firmware | 2019-12-10 | 7.8 HIGH | 7.5 HIGH |
| A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. | |||||
| CVE-2010-3490 | 1 Sangoma | 1 Freepbx | 2019-12-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. | |||||
| CVE-2019-17404 | 1 Nokia | 1 Impact | 2019-12-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nokia IMPACT < 18A: allows full path disclosure | |||||
| CVE-2019-17406 | 1 Nokia | 1 Impact | 2019-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | |||||
| CVE-2019-10767 | 1 Iobroker | 1 Iobroker.js-controller | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existing adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if authentication is enabled (it is not enabled by default). | |||||
| CVE-2019-13157 | 1 Naver | 1 Vaccine | 2019-12-03 | 6.4 MEDIUM | 7.5 HIGH |
| nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive. | |||||
| CVE-2013-3311 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request. | |||||
| CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | |||||
